Correct way to use Hotlink protection

infinityws

Well-Known Member
Feb 20, 2003
110
0
166
Originally posted by NightHawk
have you tried listing the counter script as a referrer in your hotlink .htaccess ??

cPanel.net Support Ticket Number:
Yep , but it didn't work. I was able to hack around and get it to work. Since people link directly to the cgi script i blocked linking to .cgi, which in turn links to the .ram. So everything is working for me now.

cPanel.net Support Ticket Number:
 

hostultra

Well-Known Member
Aug 21, 2002
167
0
166
one tip:

if you hotlink protect any media file type that opens in windows media player you must allow "direct requests"
Windows media player does not send a referer!

Of course if your really smart you could detect media player by checking the user agent :)

I dont like mod_rewrite and .htaccess
it slows down the server ALOT

cPanel.net Support Ticket Number:
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Originally posted by outie
Speaking of hotlink protection... one of my clients has a huge traffic site. His site is for image upload and some large forums link the images from his site.

He used hotlink protectioin to protect other people from linking images from his site (to save bandwidth) and directed them all to one single image file.

This created a huge server load on my server (70% on a p4 1.7). Is that normal or he didn't do it right? When he removed the redirect protection it was down to 1% load.

cPanel.net Support Ticket Number:
Probably doing it incorrectly. :)

That's why, in my earlier post, I mentioned that I use 'F' instead of 'R' in the rewrite rule.

RewriteRule .*\.(gif|jpg)$ http://www.theirdomain.com/images/blank.gif - [R,L]

Some people use the above type code and don't realize they are setting up an endless loop.

If you tell the Server to re-direct people, not authorized to use an 'gif' image for example, to a page that "has" a gif image, or an image itself as some like to do, the re-write kicks in and there is now an endless loop. This is because they are still trying to 'pull' or 'steal' something they are not allowed to do -- according to the Server anyway.

The coding to use 'R' and not create an endless is a bit different (it would seem) as it depends on the OS, Server setup, etc. Using:

RewriteRule .*\.(gif|jpg)$ - [F,L]

works each time, every time -- that I know of.

cPanel.net Support Ticket Number:
 

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,715
28
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
Just a heads up on Hot link protection, if the visitor uses Norton's firewall, they will not see the images no matter how you set it up.

Since Norton's is huge you may want to link to a article or make your own on how to tweak Norton's firewall to work with hot link protection.

I put a link to this page on the main page when they might be wondering why the images don't show.

Here is a example page on how to change Norton's firewall:

http://www.easywebsitepromotion.com/website-promotion/norton-firewall-fix-to-see-pictures.htm

Feel free to copy I made it myself.

-Charles

cPanel.net Support Ticket Number:
 

hostultra

Well-Known Member
Aug 21, 2002
167
0
166
Originally posted by DWHS.net
Just a heads up on Hot link protection, if the visitor uses Norton's firewall, they will not see the images no matter how you set it up.

Since Norton's is huge you may want to link to a article or make your own on how to tweak Norton's firewall to work with hot link protection.

I put a link to this page on the main page when they might be wondering why the images don't show.

Here is a example page on how to change Norton's firewall:

http://www.easywebsitepromotion.com/website-promotion/norton-firewall-fix-to-see-pictures.htm

Feel free to copy I made it myself.

-Charles

cPanel.net Support Ticket Number:
There is actually an option to enable referers in norton
removing port 80 from the http ports is probably not a good idea as it changes other security settings

Options->Internet Security Professional->Web Content Tab->Information about visited sites->Permit

cPanel.net Support Ticket Number:
 

equens

Well-Known Member
Feb 8, 2002
283
5
318
Hotlink bugs

First, if I put the hidden tag <input type=hidden name=rurl value="<cpanel Mime="linkrurl()">">
and I try to activate the hotlink and I insert http://www.domain.com/error.htm in Url to Redirect to:
the server shows this error: The requested URL /error.htm was not found on this server when I try to get
http://www.domain.com/image.gif or http://www.domain.com/image2.gif WHY??????????????

But if I change this tag in Cpanel code to <input type=hidden name=rurl value="http://www.domain.com/error.htm">
and I activate Hotlink and I try to get http://www.domain.com/image.gif the server shows http://www.domain.com/error.htm
correctly. WHY??????????????


www.domain.com is not the same as www.domain.com/ when it comes to hotlink protection, there are some code
to repair this http://(www\.)?yourdomain.com(/)? in .htaccess, but with the actual system in cpanel this is not
possible. With the problem of slash at the end of domain, my customers can not activate the Hot Link because
they can´t access to domain.com.

The Url to Redirect to option does not work
It is not possible to access to domain.com

Do you think that this tool is really serious in Cpanel??


Thanks!

cPanel.net Support Ticket Number:
 

pagedeveloping

Well-Known Member
Jun 11, 2003
219
0
166
New York
Has any one come up with a solution yet? I have tried every possible way to create a hotlink protection in .htaccess and still nothing seems to work for me..

At one time I had this working but when I updated to apache 1.3.28 it stoped working again...:mad:

cPanel.net Support Ticket Number:
 

furquan

Well-Known Member
Jul 27, 2002
473
4
168
This might help ;)

Pls note :- I foud this on the net, hence i am posting it here.

The greatest and most irritating bandwidth leech is having someone link to images on your site. You can foil such thieves very easily with .htaccess. Copy the following into your .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

You don't need to understand any of that! Just change 'domain.com' to the name of your domain.

(Again each command should be on a single line. There are 4 lines above, each starting with 'Rewrite')

If you want to really let them know they have been rumbled why not make an image call it stealing.gif, save it to your images file and add the following line after the code above:

RewriteRule \.(gif|jpg)$ http://www.domainname.com/images/stealing.gif [R,L]

(The above command should be on a single line)

cPanel.net Support Ticket Number:

cPanel.net Support Ticket Number:
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
furquan
- if you read some of the earlier posts, you will see that using a [R]edirect to a gif image creates an endless loop on the Server.


pagedeveloping
- although I'm not sure what the specific problem is that you are having, I would think your answer does lie somewhere in this thread.


equens
- have you checked to make sure you have a "404.shtml" page? Unless otherwise stated, which you do here:
<input type=hidden name=rurl value="http://www.domain.com/error.htm">
the Server will default to using an "shtml" page for errors.

cPanel.net Support Ticket Number:

cPanel.net Support Ticket Number:
 

pagedeveloping

Well-Known Member
Jun 11, 2003
219
0
166
New York
Hi! and thanks for the response.

I can use just about any code, my real problem at this time is trying to figure out how to get this to work with the https. If I try RewriteCond %{HTTP_REFERER} !^https://(www\.)?domain.com/.*$ [NC]

I get no images at all.

I do have an custom error page and I have a redirect leading back to another server such as

RewriteRule \.(gif|jpg)$ http://www.another_domainname.com/images/stealing.gif [R,L]

that also prevents the loop effect.

If I can make this work with https I think that my problems will be resolved.

thanks,

Pete

cPanel.net Support Ticket Number:
 

dennis

Well-Known Member
Apr 22, 2003
88
0
156
Singapore
cool! never theres a sticky on this...

anyway please take a look at my problem...

http://forums.cpanel.net/showthread.php?s=&threadid=13590

After i tried cpanel hotlink protection and Rob's... it doesn't work for my case...

once i set hotlink protection on... my WAP users downloading stuffs from our WAP site using their mobilephone will hangs at dat WAP page where they are trying to download...

anybody able to help?

cPanel.net Support Ticket Number:
 

euselect

Well-Known Member
Aug 3, 2003
51
0
156
Bug report submitted, it appears this still doesnt work

cPanel.net Support Ticket Number: 22934
 

dennis

Well-Known Member
Apr 22, 2003
88
0
156
Singapore
Originally posted by dennis
cool! never theres a sticky on this...

anyway please take a look at my problem...

http://forums.cpanel.net/showthread.php?s=&threadid=13590

After i tried cpanel hotlink protection and Rob's... it doesn't work for my case...

once i set hotlink protection on... my WAP users downloading stuffs from our WAP site using their mobilephone will hangs at dat WAP page where they are trying to download...

anybody able to help?

cPanel.net Support Ticket Number:
anybody can help? :(

cPanel.net Support Ticket Number:
 

NNNils

Well-Known Member
Sep 17, 2002
580
0
166
I have a strange problem too.

When enabling hotlink protection, anyone can see the pictures fine, except for users from 1 particular provider. They see crosses instead of the pictures on the site.
Any idea what the problem migth be?
Maybe that particular visitor can have some wrong setting in Explorer, if yes, what option could that be?

cPanel.net Support Ticket Number:
 

pagedeveloping

Well-Known Member
Jun 11, 2003
219
0
166
New York
Originally posted by NNNils
I have a strange problem too.

When enabling hotlink protection, anyone can see the pictures fine, except for users from 1 particular provider. They see crosses instead of the pictures on the site.
Any idea what the problem migth be?
Maybe that particular visitor can have some wrong setting in Explorer, if yes, what option could that be?

check to see if the website is using FrontPage. I noticed that this does not effect front page users.

cPanel.net Support Ticket Number:
 

3amp

Member
Jun 9, 2003
18
0
151
This is how I have it working...

I only needed to hotlink protect 1 directory with memberuploads as some members kept thinking that the site is some kind of storageplace despite of all the warnings. So Iput it in the memberfiles directory...and since I was guessing the htaccess rule would work in this case as well this is what I got:

Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^[url]http://[/url](www\.)?arubastation.com(/)?.*$     [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp)$ [url]http://www.arubastation.com/hotlink.png[/url] [R,NC]
I used png as I don't like to use an external server for redirect file... but at the same time I'd like people to know what's going on and why their images are not working...

What I am wondering, did I do everything correctly? Will this only affect the member dir. indeed as I only put it in there and no other dirs. are below that? All seems to be working just the way I wanted it to... but I want to be sure...so any input would be welcome.

thanks

Stepan
 
Last edited:

DemonCrusher

Registered
Jun 1, 2004
1
0
151
Hey everyone,

Sorry for resurrecting this thread. I'm having the same problem, but I don't understand the htaaccess file at all. I used the CPanel hotlink protection, and it works well with the exception of not letting me link my own files.. :mad:

Can someone take me step by step on how to fix this problem?

Thanks for any help!

Candice